Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/CISOfy/lynis.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/include/tests_scheduling
diff options
context:
space:
mode:
authorMichael Boelen <michael.boelen@cisofy.com>2017-04-30 18:59:35 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2017-04-30 18:59:35 +0300
commit4ecb9d4d05124b813cd4d7ddcaf5671c2f4c4765 (patch)
tree282f5a4e9e3530ada04d00bda3e8ac118cf70bbd /include/tests_scheduling
parent5ccd0912cf74f5d3dd07e5ed5fe0e6a30571fbb5 (diff)
[bulk change] cleaning up, code enhancements, initialization of variables, and new tests
Diffstat (limited to 'include/tests_scheduling')
-rw-r--r--include/tests_scheduling77
1 files changed, 39 insertions, 38 deletions
diff --git a/include/tests_scheduling b/include/tests_scheduling
index 2e2c1b8b..33f1f8a1 100644
--- a/include/tests_scheduling
+++ b/include/tests_scheduling
@@ -36,8 +36,9 @@
Register --test-no SCHD-7702 --weight L --network NO --category security --description "Check status of cron daemon"
if [ ${SKIPTEST} -eq 0 ]; then
FIND=$(${PSBINARY} aux | ${EGREPBINARY} "( cron$|/cron(d)? )")
- if [ -z "${FIND}" ]; then
+ if IsEmpty "${FIND}"; then
LogText "Result: no cron daemon found"
+ AddHP 3 3
else
LogText "Result: cron daemon running"
CROND_RUNNING=1
@@ -63,42 +64,42 @@
if IsWorldWritable ${CRONTAB_FILE}; then LogText "Result: insecure file permissions for cronjob file ${CRONTAB_FILE}"; Report "insecure_fileperms_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
if ! IsOwnedByRoot ${CRONTAB_FILE}; then LogText "Result: incorrect owner found for cronjob file ${CRONTAB_FILE}"; Report "bad_fileowner_cronjob[]=${CRONTAB_FILE}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
FindCronJob ${CRONTAB_FILE}
- for I in ${sCRONJOBS}; do
- LogText "Found cronjob (${CRONTAB_FILE}): ${I}"
- Report "cronjob[]=${I}"
+ for ITEM in ${sCRONJOBS}; do
+ LogText "Found cronjob (${CRONTAB_FILE}): ${ITEM}"
+ Report "cronjob[]=${ITEM}"
done
fi
CRON_DIRS="${ROOTDIR}etc/cron.d"
- for I in ${CRON_DIRS}; do
- LogText "Test: checking directory ${I}"
- if [ -d ${I} ]; then
- if FileIsReadable ${I}; then
- LogText "Result: found directory ${I}"
- LogText "Test: searching files in ${I}"
- FIND=$(${FINDBINARY} ${I} -type f -print | ${GREPBINARY} -v ".placeholder")
- if [ -z "${FIND}" ]; then
- LogText "Result: no files found in ${I}"
+ for DIR in ${CRON_DIRS}; do
+ LogText "Test: checking directory ${DIR}"
+ if [ -d ${DIR} ]; then
+ if FileIsReadable ${DIR}; then
+ LogText "Result: found directory ${DIR}"
+ LogText "Test: searching files in ${DIR}"
+ FIND=$(${FINDBINARY} ${DIR} -type f -print | ${GREPBINARY} -v ".placeholder")
+ if IsEmpty "${FIND}"; then
+ LogText "Result: no files found in ${DIR}"
else
- LogText "Result: found one or more files in ${I}. Analyzing files.."
- for J in ${FIND}; do
- if IsWorldWritable ${J}; then LogText "Result: insecure file permissions for cronjob file ${J}"; Report "insecure_fileperms_cronjob[]=${J}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
- if ! IsOwnedByRoot ${J}; then LogText "Result: incorrect owner found for cronjob file ${J}"; Report "bad_fileowner_cronjob[]=${J}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
- FindCronJob ${J}
- if [ ! -z "${sCRONJOBS}" ]; then
+ LogText "Result: found one or more files in ${DIR}. Analyzing files.."
+ for FILE in ${FIND}; do
+ if IsWorldWritable ${FILE}; then LogText "Result: insecure file permissions for cronjob file ${J}"; Report "insecure_fileperms_cronjob[]=${J}"; BAD_FILE_PERMISSIONS=1; AddHP 0 5; fi
+ if ! IsOwnedByRoot ${FILE}; then LogText "Result: incorrect owner found for cronjob file ${J}"; Report "bad_fileowner_cronjob[]=${J}"; BAD_FILE_OWNERSHIP=1; AddHP 0 5; fi
+ FindCronJob ${FILE}
+ if HasData "${sCRONJOBS}"; then
for K in ${sCRONJOBS}; do
- LogText "Result: Found cronjob (${J}): ${K}"
- Report "cronjob[]=${J}"
+ LogText "Result: Found cronjob (${FILE}): ${K}"
+ Report "cronjob[]=${FILE}"
done
fi
done
- LogText "Result: done with analyzing files in ${I}"
+ LogText "Result: done with analyzing files in ${DIR}"
fi
else
- LogText "Result: can not read file or directory ${I}"
+ LogText "Result: can not read file or directory ${DIR}"
fi
else
- LogText "Result: directory ${I} does not exist"
+ LogText "Result: directory ${DIR} does not exist"
fi
done
@@ -218,11 +219,11 @@
if [ ${SKIPTEST} -eq 0 ]; then
AT_UNKNOWN=0
case ${OS} in
- FreeBSD) AT_ALLOW="/var/at/at.allow"; AT_DENY="/var/at/at.deny" ;;
- HPUX) AT_ALLOW="/usr/lib/cron/at.allow"; AT_DENY="/usr/lib/cron/at.deny" ;;
- Linux) AT_ALLOW="/etc/at.allow"; AT_DENY="/etc/at.deny" ;;
- OpenBSD) AT_ALLOW="/var/cron/at.allow"; AT_DENY="/var/cron/at.deny" ;;
- SunOS) AT_ALLOW="/etc/cron.d/at.allow"; AT_DENY="/etc/cron.d/at.deny" ;;
+ FreeBSD) AT_ALLOW="${ROOTDIR}var/at/at.allow"; AT_DENY="${ROOTDIR}var/at/at.deny" ;;
+ HPUX) AT_ALLOW="${ROOTDIR}usr/lib/cron/at.allow"; AT_DENY="${ROOTDIR}usr/lib/cron/at.deny" ;;
+ Linux) AT_ALLOW="${ROOTDIR}etc/at.allow"; AT_DENY="${ROOTDIR}etc/at.deny" ;;
+ OpenBSD) AT_ALLOW="${ROOTDIR}var/cron/at.allow"; AT_DENY="${ROOTDIR}var/cron/at.deny" ;;
+ SunOS) AT_ALLOW="${ROOTDIR}etc/cron.d/at.allow"; AT_DENY="${ROOTDIR}etc/cron.d/at.deny" ;;
*) AT_UNKNOWN=1; LogText "Test skipped, files for at unknown" ;;
esac
if [ ${AT_UNKNOWN} -eq 0 ]; then
@@ -232,14 +233,14 @@
if [ ${CANREAD} -eq 1 ]; then
LogText "Result: file ${AT_ALLOW} exists, only listed users can schedule at jobs"
FIND=$(${SORTBINARY} ${AT_ALLOW})
- if [ -z "${FIND}" ]; then
+ if IsEmpty "${FIND}"; then
LogText "Result: File empty, no users are allowed to schedule at jobs"
else
- for I in ${FIND}; do
- LogText "Allowed at user: ${I}"
+ for ITEM in ${FIND}; do
+ LogText "Allowed at user: ${ITEM}"
done
fi
- else
+ else
LogText "Result: can not read ${AT_ALLOW} (no permission)"
fi
else
@@ -253,8 +254,8 @@
if [ -z "${FIND}" ]; then
LogText "Result: file is empty, no users are denied access to schedule jobs"
else
- for I in ${FIND}; do
- LogText "Denied at user: ${I}"
+ for ITEM in ${FIND}; do
+ LogText "Denied at user: ${ITEM}"
done
fi
else
@@ -281,10 +282,10 @@
if [ ${SKIPTEST} -eq 0 ]; then
LogText "Test: Check scheduled at jobs"
FIND=$(atq | ${GREPBINARY} -v "no files in queue" | ${AWKBINARY} '{gsub("\t"," ");print}' | ${SEDBINARY} 's/ /!space!/g')
- if [ ! -z "${FIND}" ]; then
+ if HasData "${FIND}"; then
LogText "Result: found one or more jobs"
- for I in ${FIND}; do
- VALUE=$(echo ${I} | ${SEDBINARY} 's/!space!/ /g')
+ for ITEM in ${FIND}; do
+ VALUE=$(echo ${ITEM} | ${SEDBINARY} 's/!space!/ /g')
LogText "Found at job: ${VALUE}"
done
Display --indent 4 --text "- Checking at jobs" --result "${STATUS_FOUND}" --color GREEN
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-19 03:58:56 +0300